ABC Training Mod 05 Policy

7/30/2019 ABC Training Mod 05 Policy

1/15

Custom Training

Module 6 Routing Policy


2/15

Policy Overview

Routing policy controls routing information transferredinto and out of the routing table

Ignore or change imported learned routes

Suppress or change advertised active routes

Redistribute routes from one protocol to another protocol

Routing policy consist of match/action pairs

Eliminates need for route maps, access lists, distribution lists,network commands etc. to accomplish a single goal


3/15

Import and Export Policy

Routing policy is performed from the perspective of therouting table

JUNOS applies import policy prior to route selection andinclusion into the routing table

JUNOS applies export policy to active routes prior to being

sent to neighbor

Juniper Networks Technical Certification Program (JNTCP)

M/T-Series Routers Track


Enterprise Routing Track

RoutingTableNeighbor Neighbor

Import Export


4/15

Default Routing Policy

Every protocol has default policy

A default policy is applied implicitly to the end of both theimport and export policy chain

IS-IS and OSPF

Import: IS-IS and OSPF do not allow import policies andtherefore do not require a default import policy.

Export: The primary purpose of IS-IS and OSPF export policiesare to introduce routes from other protocol.

RIP

Import: Accept all routes imported from RIP neighbors

Export: Reject all routes advertised to RIP neighbors

BGP

Import: Accept all routes imported from BGP neighbors

Export: Accept all routes exported to BGP neighbors in

accordance with the BGP protocol requirements


5/15

Routing Policy Syntax

Generic policy syntax

policy-options {

policy-statement policy-name {

term term-name {from {

match-conditions;

}

then {

match-actions;

}

}

}}

A policy can have

multiple terms


6/15

Match Conditions

Policies typically contain some form of match condition

The absence of a match condition means that all possibleroutes match

Possible match conditions include:

Neighbor address

Protocol

The protocol which activated the route in the routing table

Routing protocol information

BGP attributes

OSPF Tag

OSPF area ID

10.10.0.0/16 *[BGP/170]

172.16.30.0/24 *[OSPF/10]

192.168.5.0/24 *[Static/5]


7/15

Match Actions

The action performed in a term or policy for a givenmatch condition

Terminating actions

Accept route

Reject route

Flow control actions Skip to next term

Skip to next policy

Modify attribute actions

Cost (metric)

Preference

Community (Tag)

Local-preference


8/15

Route Filters

Route Filters are used to match individual routes orgroups of routes

General syntax in the form of:

Route Filter evaluation depends on the match type

Match types dictate the different route sets

exact

orlonger

longerupto

prefix-length-range

route-filter prefix/prefix-lengthmatch-typeaction;


9/15

Route Filters

exact

192.168/16

orlonger (down to /32)

192.168/16

192.168/16

192.168/16

192.168/16

longer (down to /32)

/x

/yprefix-length-range /x-/yupto


10/15

Policy Examples

Write a policy to redistribute RIP routes into OSPF

Policies are configured under the policy-options hierarchy

Apply the policy to OSPF

[edit policy-options]

lab@Denver# show policy-statement rip-to-ospf

term rip-routes {

from protocol rip;

then accept;

}

[edit protocols ospf]

lab@Denver# set export rip-to-ospf


11/15

Another Policy Example

Multiple match conditions require that all criteria matchbefore the action is applied

Create a policy to redistribute only OSPF area 2 routes


M/T-Series Routers Track

[edit]

lab@Denver# show policy-options

policy-statement isis-level2-routes {term l2-routes {

from {

protocol ospf;

area 2;

}

then accept;

}

}


12/15

Another Policy Example

Configure a multiple term policy

Create a policy to aggregate BGP routes

lab@Denver# show policy-options

policy-statement aggregate-routes {

term reject-specific-routes {

from {

protocol bgp;

route-filter 172.80.0.0/16 longer;

}

then reject;

}

term accept-agg-route {

from {

protocol aggregate;

route-filter 172.80.0.0/16 exact;

}

then accept;

}

}


13/15

Monitoring Policy Operation

The show route receive-protocol and showroute advertising-protocol commands: Display routing updates received beforeimport and after

export policy processing, respectively

Filtered routes are the exception for import policy

Other tools

test policy command trace action

Neighbors

Protocol

RoutingTable

Neighbors

Protocol

ImportPolicy

Routes Routes

ExportPolicy

show route receive-protocol bgp neighbor

show route advertising-protocol bgp neighbor

Show routes beforeimport policy

Shows routes afterexport policy

RouteFilters


14/15

Questions


15/15

ABC Training Mod 05 Policy

Documents